AMENDMENTS TO THE CLAIMS

The listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1. (Currently amended) A method of processing an undeniable digital signature,
comprising the steps of:

(a) generating public keys (D, P, k, t) and secret keys (D1, q) at a signer side, by
generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 = -p and D =
D1q^2, obtaining a bit length k of [illegible] and a bit length t of q-(D1/q) where (D1/q) denotes
Kronecker symbol, and generating a kernel element P of a map from a class group Cl(D) to a
class group Cl(D1);

(b) generating a signature S for a message m at the signer side, by embedding the
message m into a message ideal M in the class group Cl(D) where a norm of the message
ideal M is larger than k+1 bits, and mapping the message ideal M to the class group Cl(D1)
and pulling the mapped message ideal M back to the class group Cl(D); and

(c) verifying the signature S by:

(c1) checking whether a norm N(S) of the signature S received from the signer
side is smaller than k bits or not, and judging that the signature S is illegal when the norm
N(S) is larger than k bits, or generating a challenge C when the norm N(S) is not larger than
k bits, by computing the message ideal M of the message m, generating a random integer r
smaller than t bits, computing H = (M/S)^r, generating a random ideal B whose norm is
smaller than k-1 bits, and computing the challenge C = BH, at a verifier side;

(c2) computing a response W by mapping the challenge C received from the
verifier side to the class group Cl(D1) and pulling the mapped challenge C back to the class
group Cl(D) and squaring a result of mapping and pulling back, using the secret keys (D1, q),
at the signer side; and

(c3) checking whether W = B^2 holds or not by using the response W received from
the signer side, and judging that the signature S is legal when W = B^2 holds or that the
signature S is illegal otherwise, at the verifier side.

2. (Original) A signer device for processing an undeniable digital signature,
comprising:

a key generation unit for generating public keys (D, P, k, t) and secret keys (D1, q), by
generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 = -p and D =
D1q^2, obtaining a bit length k of [illegible] and a bit length t of q-(D1/q) where (D1/q) denotes
Kronecker symbol, and generating a kernel element P of a map from a class group Cl(D) to a
class group Cl(D1);

a signature generation unit for generating a signature S for a message m, by embedding
the message m into a message ideal M in the class group Cl(D) where a norm of the message
ideal M is larger than k+1 bits, and mapping the message ideal M to the class group Cl(D1)
and pulling the mapped message ideal M back to the class group Cl(D); and

a response generation unit for receiving a challenge C = BH from a verifier side, where B
is a random ideal whose norm is smaller than k-1 bits, H = (M/S)^r, and r is a random integer
smaller than t bits, computing a response W by mapping the challenge C to the class group
Cl(D1) and pulling the mapped challenge C back to the class group Cl(D) and squaring a
result of mapping and pulling back, using the secret keys (D1, q), and sending the response
W to the verifier side, in a process for verifying the signature S.

3. (Currently amended) A verifier device for processing an undeniable digital
signature, using a message m and a signature S for the message m received from a signer
side, where public keys (D, P, k, t) and secret keys (D1, q) are defined by generating two
primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 = -p and D = D1q^2, obtaining a
bit length k of [illegible] and a bit length t of q-(D1/q) where (D1/q) denotes Kronecker symbol,
and generating a kernel element P of a map from a class group Cl(D) to a class group Cl(D1),
and the signature S for the message m is generated by embedding the message m into a
message ideal M in the class group Cl(D) where a norm of the message ideal M is larger than
k+1 bits, and mapping the message ideal M to the class group Cl(D1) and pulling the mapped
message ideal M back to the class group Cl(D), the verifier device comprising:

a norm checking unit for checking whether a norm N(S) of the signature S is smaller than
k bits or not, and judging that the signature S is illegal when the norm N(S) is larger than k
bits;

a challenge generation unit for generating a challenge C when the norm N(S) is not larger
than k bits, by computing the message ideal M of the message m, generating a random
integer r smaller than t bits, computing H = (M/S)^r, generating a random ideal B whose norm
is smaller than k-1 bits, and computing a challenge C = BH, and for sending the challenge C
to a the signer side; and

a response checking unit for receiving a response W from the signer side, checking
whether W = B^2 holds or not, and judging that the signature S is legal when W = B^2 holds or
that the signature S is illegal otherwise, where the response W being obtained by mapping
the challenge C to the class group Cl(D1) and pulling the mapped challenge C back to the
class group Cl(D) and squaring a result of mapping and pulling back, using the secret keys
(D1, q).

4. (Original) A computer usable medium having computer readable program codes
embodied therein for causing a computer to function as a signer device for processing an
undeniable digital signature, the computer readable program codes including:

a first computer readable program code for causing said computer to generate public keys
(D, P, k, t) and secret keys (D1, q), by generating two primes p, q (p, q > 4, p = 3 mod 4,
[illegible] < q), computing D1 = -p and D = D1q^2, obtaining a bit length k of [illegible] and a bit
length t of q-(D1/q) where (D1/q) denotes Kronecker symbol, and generating a kernel
element P of a map from a class group Cl(D) to a class group Cl(D1);

a second computer readable program code for causing said computer to generate a
signature S for a message m, by embedding the message m into a message ideal M in the
class group Cl(D) where a norm of the message ideal M is larger than k+1 bits, and mapping
the message ideal M to the class group Cl(D1) and pulling the mapped message ideal M back
to the class group Cl(D); and

a third computer readable program code for causing said computer to receive a challenge
C = BH from a verifier side, where B is a random ideal whose norm is smaller than k-1 bits,
H = (M/S)^r, and r is a random integer smaller than t bits, compute a response W by mapping
the challenge C to the class group Cl(D1) and pulling the mapped challenge C back to the
class group Cl(D) and squaring a result of mapping and pulling back, using the secret keys
(D1, q), and send the response W to the verifier side, in a process for verifying the signature
S.

5. (Currently amended) A computer usable medium having computer readable
program codes embodied therein for causing a computer to function as a verifier device for
processing an undeniable digital signature, using a message m and a signature S received
from a signer side, where public keys (D, P, k, t) and secret keys (D1, q) are defined by
generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 = -p and D =
D1q^2, obtaining a bit length k of [illegible] and a bit length t of q-(D1/q) where (D1/q) denotes
Kronecker symbol, and generating a kernel element P of a map from a class group Cl(D) to a
class group Cl(D1), and the signature S for the message m is generated by embedding the
message m into a message ideal M in the class group Cl(D) where a norm of the message
ideal M is larger than k+1 bits, and mapping the message ideal M to the class group Cl(D1)
and pulling the mapped message ideal M back to the class group Cl(D), the computer
readable program codes including:

a first computer readable program code for causing said computer to check whether a
norm N(S) of the signature S is smaller than k bits or not, and judge that the signature S is
illegal when the norm N(S) is larger than k bits;

a second computer readable program code for causing said computer to generate a
challenge C when the norm N(S) is not larger than k bits, by computing the message ideal M
of the message m, generating a random integer r smaller than t bits, computing H = (M/S)^r,
generating a random ideal B whose norm is smaller than k-1 bits, and computing the
challenge C = BH, and send the challenge C to a the signer side; and

a third computer readable program code for causing said computer to receive a response
W from the signer side, check whether W = B^2 holds or not, and judge that the signature S is
legal when W = B^2 holds or that the signature S is illegal otherwise, where the response W
being obtained by mapping the challenge C to the class group Cl(D1) and pulling the mapped
challenge C back to the class group Cl(D) and squaring a result of mapping and pulling back,
using the secret keys (D1, q).

6.-7. (Cancelled). 

8. (Currently amended) The method of claim 7 A method for providing a
software vending service, comprising the steps of:

(a) attaching a signature S to a software offered for downloading by clients at a
software vendor side, according to an undeniable digital signature scheme, wherein the step
(a) further includes the steps of:

(a1) generating public keys (D, P, k, t) and secret keys (D1, q) at the software
vendor side, by generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 =
-p and D = D1q^2, obtaining a bit length k of [illegible] and a bit length t of q-(D1/q) where (D1/q)
denotes Kronecker symbol, and generating a kernel element P of a map from a class group
Cl(D) to a class group Cl(D1); and

(a2) generating the signature S for a message m representing the software at
the software vendor side, by embedding the message m into a message ideal M in the class
group Cl(D) where a norm of the message ideal M is larger than k+1 bits, and mapping the
message ideal M to the class group Cl(D1) and pulling the mapped message ideal M back to
the class group Cl(D); and

(b) verifying the signature S at a client side which has downloaded the software with
the signature S attached thereto interactively with the software vendor side, so as to prove
that the software has not been altered from an original, wherein the step (b) further includes
the steps of:

(b1) checking whether a norm N(S) of the signature S received from the
software vendor side is smaller than k bits or not, and judging that the signature S is illegal
when the norm N(S) is larger than k bits, or generating a challenge C when the norm N(S) is
not larger than k bits, by computing the message ideal M of the message m, generating a
random integer r smaller than t bits, computing H = (M/S)^r, generating a random ideal B
whose norm is smaller than k-1 bits, and computing the challenge C = BH, at a the client
side;

(b2) computing a response W by mapping the challenge C received from the
client side to the class group Cl(D1) and pulling the mapped challenge C back to the class
group Cl(D) and squaring a result of mapping and pulling back, using the secret keys (D1, q),
at the software vendor side; and

(b3) checking whether W = B^2 holds or not by using the response W received
from the software vendor side, and judging that the signature S is legal when W = B^2 holds
or that the signature S is illegal otherwise, at the client side.

9. (Currently amended) The method of claim 4 8, wherein the step (a) attaches
the undeniable digital signature S using different sets of public keys and secret keys for
different softwares kinds of software.

10.-12. (Cancelled).

13. (Currently amended) The method of claim 12 A method for enabling a user
side to check authenticity of an e-commerce/information service provider, comprising the
steps of:

(a) obtaining public keys (D, P, k, t), secret keys (D1, q), and a signature S for the
public keys from a certificate authority side at the e-commerce/information service provider,
the signature being generated by the certificate authority side according to an undeniable
digital signature scheme, wherein the step (a) further includes the steps of:

[illegible]
side, by generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 = -p and
[illegible]
denotes Kronecker symbol, and generating a kernel element P of a map from a class group
Cl(D) to a class group Cl(D1); and

(a2) generating the signature S for the public keys at the certificate authority
side, by embedding the public keys into a message ideal M in the class group Cl(D) where a
norm of the message ideal M is larger than k+1 bits, and mapping the message ideal M to the
class group Cl(D1) and pulling the mapped message ideal M back to the class group Cl(D);

(b) providing the public keys and the signature S from the e-commerce/information
service provider to the user side, such that the user side carries out a process of verifying the
signature S provided from the e-commerce/information service provider to the user side,
interactively with the certificate authority side to prove authenticity of the public keys
provided by the e-commerce/information service provider, wherein at the step (b) the
signature is verified by further includes the steps of:

(b1) checking whether a norm N(S) of the signature S received from the
certificate authority side is smaller than k bits or not, and judging that the signature S is
illegal when the norm N(S) is larger than k bits, or generating a challenge C when the norm
N(S) is not larger than k bits, by computing the message ideal M of the public keys,
generating a random integer r smaller than t bits, computing H = (M/S)^r, generating a random
ideal B whose norm is smaller than k-1 bits, and computing the challenge C = BH, at a the
user side;

(b2) computing a response W by mapping the challenge C received from the
user side to the class group Cl(D1) and pulling the mapped challenge C back to the class
group Cl(D) and squaring a result of mapping and pulling back, using the secret keys (D1, q),
at a the certificate authority side; and

(b3) checking whether W = B^2 holds or not by using the response W received
from the certificate authority side, and judging that the signature S is legal when W = B^2
holds or that the signature S is illegal otherwise, at the user side; and

(c) receiving an encrypted random data from the user side, the encrypted random data
being encrypted by the user using the public keys, decrypting the encrypted random data
using the secret keys, and returning a decrypted random data to the user side, such that the
user side checks if the decrypted random data coincides with an original random data to
prove that the e-commerce/information service provider has authentic secret keys.

14.-16. (Cancelled).

17. (Currently amended) The method of claim 16 A method for enabling a user
side to check authenticity of an e-commerce/information service provider, comprising the
steps of:

(a) issuing public keys (D, P, k, t), secret keys (D1, q), and a signature S for the
public keys from a certificate authority side to the e-commerce/information service provider,
the signature S being generated according to an undeniable digital signature scheme, wherein
the step (a) further includes the steps of:

(a1) generating the public keys and the secret keys at the certificate authority
side, by generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing D1 = -p and D
= D1q^2, obtaining a bit length k of [illegible] and a bit length t of q-(D1/q) where (D1/q) denotes
Kronecker symbol, and generating a kernel element P of a map from a class group Cl(D) to a
class group Cl(D1); and

(a2) generating the signature S for the public keys at the certificate authority
side, by embedding the public keys into a message ideal M in the class group Cl(D) where a
norm of the message ideal M is larger than k+1 bits, and mapping the message ideal M to the
class group Cl(D1) and pulling the mapped message ideal M back to the class group Cl(D);

(b) verifying the signature S provided from the e-commerce/information service
provider to the user side, at the certificate authority side interactively with the user side in
order to prove authenticity of the public keys provided by the e-commerce/information
service provider, wherein at the step (b) the signature is verified by further includes the steps
of:

(b1) checking whether a norm N(S) of the signature S received from the
certificate authority side is smaller than k bits or not, and judging that the signature S is
illegal when the norm N(S) is larger than k bits, or generating a challenge C when the norm
N(S) is not larger than k bits, by computing the message ideal M of the public keys,
generating a random integer r smaller than t bits, computing H = (M/S)^r, generating a random
ideal B whose norm is smaller than k-1 bits, and computing the challenge C = BH, at a the
user side;

(b2) computing a response W by mapping the challenge C received from the
user side to the class group Cl(D1) and pulling the mapped challenge C back to the class
group Cl(D) and squaring a result of mapping and pulling back, using the secret keys (D1, q),
at a the certificate authority side; and

(b3) checking whether W = B^2 holds or not by using the response W received
from the certificate authority side, and judging that the signature S is legal when W = B^2
holds or that the signature S is illegal otherwise, at the user side.

18.-20. (Cancelled). 

21. (Currently amended) The method of claim 20 A method for enabling a user
side to check authenticity of an e-commerce/information service provider, comprising the
steps of:

(a) generating a signature S for a hash value of a home page of the
e-commerce/information service provider at a certificate authority according to an undeniable
digital signature scheme, wherein the step (a) further includes the steps of:

(a1) generating public keys (D, P, k, t) and secret keys (D1, q) at the
certificate authority, by generating two primes p, q (p, q > 4, p = 3 mod 4, [illegible] < q), computing
D1 = -p and D = D1q^2, obtaining a bit length k of [illegible] and a bit length t of q-(D1/q) where
(D1/q) denotes Kronecker symbol, and generating a kernel element P of a map from a class
group Cl(D) to a class group Cl(D1); and

(a2) generating the signature S for the hash value of the home page at the
certificate authority, by embedding the hash value of the home page into a message ideal M
in the class group Cl(D) where a norm of the message ideal M is larger than k+1 bits, and
mapping the message ideal M to the class group Cl(D1) and pulling the mapped message
ideal M back to the class group Cl(D);

(b) posting the signature on a display of the home page of the
e-commerce/information service provider at a user side from the certificate authority side, such
that the user side can initiate a process of verifying the signature by clicking the signature on
the display; and

(c) verifying the signature S at the certificate authority side interactively with the user
side in order to prove authenticity of the e-commerce/information service provider, wherein
at the step (c) the signature is verified by further includes the steps of:

(c1) checking whether a norm N(S) of the signature S received from the
certificate authority side is smaller than k bits or not, and judging that the signature S is
illegal when the norm N(S) is larger than k bits, or generating a challenge C when the norm
N(S) is not larger than k bits, by computing the message ideal M of the public keys,
generating a random integer r smaller than t bits, computing H = (M/S)^r, generating a random
ideal B whose norm is smaller than k-1 bits, and computing the challenge C = BH, at the user
side;

(c2) computing a response W by mapping the challenge C received from the
user side to the class group Cl(D1) and pulling the mapped challenge C back to the class
group Cl(D) and squaring a result of mapping and pulling back, using the secret keys (D1, q),
at a the certificate authority side; and




Appln. No. Serial No. 09/654,638
Amdt. Dated 11/8/04
First Response in Appln, Reply to Office Action of 7/6/2004



(c3) checking whether W = B^2 holds or not by using the response W received
from the certificate authority side, and judging that the signature S is legal when W = B^2
holds or that the signature S is illegal otherwise, at the user side.